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Mark W. Abbott 
Grants Office 

U.S. Election Assistance Commission 
1335 East West Highway, Suite 4300 
Silver Spring, MD 20910 

Mr. Abbott, 

The Department of Elections’ (Department) spending plan allows the Department to concentrate 
on the administration of elections in Virginia while working in tandem with a project team 
whose sole responsibility will be to implement the security plan and to utilize the funds as 
intended while establishing a transition plan to ensure the continuity of the plan without 
requiring supplemental funding. Before the end of the five year grant period, ongoing costs will 
be rolled into existing general fund resources. 

The goals to achieve the vision come from standards and best practices provided by the Virginia 
Information Technologies Agency (VITA) and the Center for Internet Security (CIS). VITA 
provides a comprehensive set of information security policies, standards and guidelines for all 
executive branch agencies. Based on the National Institute of Standards and Technology (NIST) 
security standards, these documents serve as the basis for determining how to secure technology 
through the identification and mitigation of risks. CIS provides global standards and best 
practices for securing technology systems and data against the most pervasive attacks. 
Additionally, CIS is home to the Elections Infrastructure Infonnation Sharing and Analysis 
Center (EI-ISAC) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), 
which are the primary resources for cyber threat monitoring, prevention, and response for the 
states. Leveraging the standards and tools provided by VITA and CIS to identify and mitigate 
risks will substantially improve Virginia’s election infrastructure security posture. 

The Department would like to substantially increase the security posture of the election 
infrastructure used in the Commonwealth of Virginia through cost-effective implementation of 
the standards, policies and best practices developed by VITA, NIST and CIS. 

Goals: 

1) Secure the Department of Elections’ Infrastructure 

a. Manage the Department’s compliance with VITA’s security policies and CIS’ 
best practices 
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b. Manage third-parties’ compliance with VITA’s security policies and CIS’ best 
practices 

c. Physical security of the Department’s systems and access points to those systems 

d. Conduct cybersecurity training to include table-top exercises and testing to 
determine the effectiveness of the training 

2) Secure Voting Infrastructure 

a. Voting Equipment Security 

b. Electronic pollbook security 

3) Security and continuity of operations plans 

a. Develop and implement new security plan standards 

b. Develop and implement new continuity of operations plan standards 

c. Develop and implement new business impact analysis standards 

d. Develop and implement new risk assessment standards 

e. Develop and implement new risk mitigation standards 

f. Develop and implement new incident response standards 

g. Monitor/audit compliance with security and continuity of operations plan 
standards 

Deliverables: 

1) The Department of Elections will continue to provide multifactor authentication for all 
users accessing sensitive data. 

2) The Department will provide effective cybersecurity training. 

3) The Department will develop the new and updated standards and templates. 

4) The Department will conduct training and provide guidance on the implementation of the 
standards. 

5) Each voting system and electronic pollbook system will be recertified within 4 years, in 
accordance with the new certification standards. 

6) The Department will establish a 4 year cycle for the review of all equipment certification 
standards. 


Sincerely, 



Christopher E. Piper 
Commissioner 


Attachment: Department of Elections 2018 HAVA Budget 






VIRGINIA DEPARTMENT OF ELECTIONS 


2018 HAVA ELECTION SECURITY GRANT 

Budget Information 

CFDA# 90.404 Non-Construction Program 

Name of Organization: 

Budget Period Start: 

Budget Period End: 

Virginia Department 

3/23/2018 

3/22/2023 

of Elections 

SECTION A- BUDGETSUMM 

FEDERAL & NON- 

ARY (Consolidated Budget for total project term- 

: EDERAL FUNDS (Match) up to 5 years as defined by grantee) 

PROGRAM CATEGORIES 

BUDGET CATEGORIES 

(a) Voting 
Equipment 

(b) Election 
Auditing 

(c) Voter 
Registration 
Systems 

(d) Cyber Security 

(e) Communications 

(f) Other 

COOP/Emergency 

Plans 

(g) Other 

TOTALS 

% Fed Total 

1. CONTRACTORS 


S 662,200.00 


S 1,473,462.00 


$ 356,930.00 

S 2,161,073.00 

S 4,653,665.00 

51% 

2. SOFTWARE 




S 959,885.00 




S 959,885.00 

11% 

3. SUBGRANTS- to local voting jurisdictions 








S 

0% 

4. TRAINING 




S 97,815.00 

$ 135,000.00 



S 232,815.00 

3% 

5. All OTHER COSTS 




S 2,927,731.00 

$ 90,920.00 


$ 215,715.00 

$ 3,234,366.00 

36% 

6. TOTAL DIRECT COSTS (1-6) 

$ 

$ 662,200.00 

$ 

$ 5,458,893.00 

$ 225,920.00 

S 356,930.00 

$ 2,376,788.00 

$ 9,080,731.00 


7. INDIRECT COSTS (if applied) 


$ 






S 

0% 

8. Total Federal Budget 

$ 

S 662,200.00 

$ 

S 5,458,893.00 

$ 225,920.00 

$ 356,930.00 

S 2,376,788.00 

S 9,080,731.00 


11. Non-Federal Match 




$ 454,037.00 




S 454,037.00 


12. Total Program Budget 

$ 

S 662,200.00 

$ 

S 5,912,930.00 

$ 225,920.00 

$ 356,930.00 

S 2,376,788.00 

S 9,534,768.00 


13. Percentage By Category 

0% 

7% 

0% 

60% 

2% 

4% 

26% 






Proposed State Match 

5.0% 




A. Do you have an Indirect Cost Rate Agreement approved by the Federal government or 
some other non-federal entity? 

If yes, please provide the following information: 

B. Period Covered by the Indirect Cost Rate Agreement (mm/dd/yyyy-mm/dd/yyy): 

No 



C. Approving Federal agency: 

D. If other than Federal agency, please specify: 

E. The Indirect Cost Rate is: 


























































